Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 1 Update: ISO/IEC 24727- Identification Cards - Integrated circuit cards programming interfaces Teresa Schwarzhoff, U.S. Department of Commerce Porvoo-12:

Published byNeil Berry Modified over 9 years ago

Similar presentations

Presentation on theme: "1 1 Update: ISO/IEC 24727- Identification Cards - Integrated circuit cards programming interfaces Teresa Schwarzhoff, U.S. Department of Commerce Porvoo-12:"— Presentation transcript:

1 1 1 Update: ISO/IEC 24727- Identification Cards - Integrated circuit cards programming interfaces Teresa Schwarzhoff, U.S. Department of Commerce Porvoo-12: Grossetto ITALY

2 2 2 Topics  Background/overview  ISO/IEC 24727  Part 1  Part 2  Part 3  Part 4  Part 5  Conclusion

3 3 3 Topics  Background/overview  ISO/IEC 24727  Part 1  Part 2  Part 3  Part 4  Part 5  Conclusion

4 4 4 ISO/IEC JTC 1 SC 17/WG 4/TF 9  ISO/IEC Joint Technical Committee 1 Sub Committee 17  ISO/IEC JTC1 SC 17/ WG 4  ISO/IEC 24727 work assigned to WG4 - Task Force 9 (TF9)  ISO/IEC 24727 built upon NIST smart card ‘interoperability’ specification  TF9 chaired by U.S. (NIST) and ANSI secretary  TF9 scope  Standardization of a set of structured programming interfaces for interactions between integrated circuit cards and external applications to include generic services for multi-sector use  Good technical expert representation in TF 9 -- includes Australia, France, Germany, Japan, UK, US, and TC 224/WG15

5 5 5 ISO/IEC 24727 multi-part standard ISO/IEC 24727 – Identification Cards - Integrated circuit cards programming interfaces Builds upon ISO/IEC 7816 Focuses on services and interfaces Card type neutral Contact and contactless agnostic eID: identification, authentication, and signature services Goal: Independent implementations that are interchangeable

6 6 6 Why ISO/IEC 24727?  Existing standards  Too many options  Focus on physical card  Lack of interface standardization  Simplification  Simplify developer’s life  Improve portability  Interoperability  Ubiquitous interoperability: what we are all trying to achieve but must be kept simple Interoperability and security and Conformance testing and privacy: “two” sides of the same coin

7 7 7 ISO/IEC 24727: A Standard in 5* Parts * To be discussed in future slide

8 8 8 Topics  Background/overview  ISO/IEC 24727  Part 1  Part 2  Part 3  Part 4  Part 5  Conclusion

9 9 9 ISO/IEC 24727-1  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 1: Architecture  Overarching framework  Common terminology  Logical architecture for framework  Status  Published, available for purchase via your national body standards group or the ISO on-line store

10 10 ISO/IEC 24727-2  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 2: Generic card interface  Common card interface  7816 toolkit fine-tuning  Discovery mechanism  Card capability description (CCD)  Application capability description (ACD)  ISO/IEC 20060  ISO/IEC 7816-15  Status  FDIS ballot anticipated November 2007  Anticipate IS Spring 2008

11 11 ISO/IEC 24727-3  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 3: Application interface  New territory for smart card standards  Normative API/middleware  Normative authentication protocols  Normative Services  Connection  Card application discovery and retrieval  Identity  Cryptographic  Authorization  Status  Learning curve for committee technical experts: not about the ‘card’ but rather card-applications  FCD ballot launched last Friday, 14 September  Anticipate FDIS in Spring 2008

12 12 Example of actions for a service found in ISO/IEC 24727-3: Connection service Initialize Terminate CardApplicationPath CardApplicationConnect CardApplicationDisconnect CardApplicationStartSession CardApplicationEndSession Authentication protocols PIN password symmetric key asymmetric key digital certificate biometric image or template pair of symmetric keys; e.g., one for encryption and one for message authentication code (MAC) generation

13 13 Name of authentication protocolGeneral definition of protocol ASYMMETRIC INTERNAL AUTHENTICATEFetch certificate Send challenge to be signed (on-card) Validate (off-card) signature based on certificate ASYMMETRIC EXTERNAL AUTHENTICATEFetch challenge Sign (off-card) and validate signature (on-card) SYMMETRIC INTERNAL AUTHENTICATESend challenge to be signed (on-card) Validate signature (off-card) SYMMETRIC EXTERNAL AUTHENTICATEFetch challenge Sign challenge (off-card) Validate signature (on-card) COMPAREMatch input parameter with marker PIN COMPAREMatch input parameter with marker and limiting number of incorrect compares – reset on successful compare BIOMETRIC COMPARETranslate input parameter to template form and compare with base template SYMMETRIC KEY NONCEMutual authenticate of card-application and client- application plus generation of session keys ANYBODYNULL authentication protocol

14 14 ISO/IEC 24727-4  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 4: API administration  Implementation details of Part 2 and Part 3 interactions  Normative security architecture and stack configurations  Normative IFD API  TLS protocol Status  FCD launched October 2007  FDIS anticipated Spring 2008

15 15 ISO/IEC 24727-5  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 5: Testing  Test requirements as technical text is developed  Testing levels and modular approach  Status  Parts 2, 3, and 4 maturity/stability prerequisite has been met  Part 5 WD under modification to reflect recent decisions on the three parts  TF 9 meeting - November  Goal: CD late Spring 2008

16 16 NEW: ISO/IEC 24727-6  ISO/IEC 24727 Identification Cards - Integrated circuit cards programming interfaces – Part 6: Registration authority procedures for the authentication protocols for interoperability  Decision taken at recent WG 4 meeting to establish a RA for future ISO/IEC 24727 authentication protocols  RA streamlines introduction of new normative authentication protocols  Lead: Standards Australia

17 17 Topics  Background/overview  ISO/IEC 24727  Part 1  Part 2  Part 3  Part 4  Part 5  Conclusion

18 18 ISO/IEC 24727 interoperability goals  Re-use of middleware and tokens  Independence of middleware  Independence of tokens  Independence of token administration  Independence of component certification

19 19 Challenges  Existing investments, application neutrality  Maintaining progress  ISO process  Learning curve – have reached the right side of the bell curve!  Sustain simple forward looking, verifiable approach  Avoid options; think beyond the ‘plastic’  Conformance testing  Global standard synchronization  Global eID projects  Standard activities in other areas

20 20 Who is using the standard?  Australia  Australian access card for social services  Queensland drivers license (trailblazer, beginning in 2005)  Europe  EU Citizen Card  German health card  US  Future migration for federal government credential mandated by FIPS 201 (PIV)

21 21 Contact Information: Teresa Schwarzhoff U.S. Department of Commerce, NIST schwarzhoff@nist.gov 301.975.5727 Thank you. Questions…. The best standard is one in which everyone is equally happy (and unhappy).

Download ppt "1 1 Update: ISO/IEC 24727- Identification Cards - Integrated circuit cards programming interfaces Teresa Schwarzhoff, U.S. Department of Commerce Porvoo-12:"

Similar presentations

Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
Installation & User Guide

Installation & User Guide
FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework: Special Pubs ,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.
Status of U.S. Smart Card Deployment Jim Dray Porvoo 7/ World eID Meeting May 2005.

Status of U.S. Smart Card Deployment Jim Dray Porvoo 7/ World eID Meeting May 2005.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.

External User Security Model (EUSM) for SNMPv3 draft-kaushik-snmp-external-usm-00.txt November, 2004.
Digital Certificate Installation & User Guide For Class-2 Certificates.

Digital Certificate Installation & User Guide For Class-2 Certificates.
EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.
Status Report of the Study Group on MDR/MFI Implemenations ISO/IEC JTC 1/SC 32/WG2 Interim Meeting Santa Fe, NM, USA, November 11~15, 2013 Dongwon Jeong,

Status Report of the Study Group on MDR/MFI Implemenations ISO/IEC JTC 1/SC 32/WG2 Interim Meeting Santa Fe, NM, USA, November 11~15, 2013 Dongwon Jeong,
The Austrian Governmental eDelivery System Technical Aspects Ankara, March 17th, 2015 Christian Maierhofer, EGIZ The E-Government Innovation Center is.

The Austrian Governmental eDelivery System Technical Aspects Ankara, March 17th, 2015 Christian Maierhofer, EGIZ The E-Government Innovation Center is.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.

1 1 A Synopsis of Federal Information Processing Standard (FIPS) 201 for Personal Identity Verification (PIV) of Federal Employees and Contractors Presentation.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Update on European Citizen Card: Part 4 Kristina Unverricht Consumer Council of DIN, Germany Chairperson of ANEC Information Society Working Group October.

Update on European Citizen Card: Part 4 Kristina Unverricht Consumer Council of DIN, Germany Chairperson of ANEC Information Society Working Group October.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
ISO/IEC JTC1 SC37 Overview

ISO/IEC JTC1 SC37 Overview
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
WAP Public Key Infrastructure CSCI 5939.02 – Independent Study Fall 2002 Jaleel Syed Presentation No 5.

WAP Public Key Infrastructure CSCI – Independent Study Fall 2002 Jaleel Syed Presentation No 5.
2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

2-Jun-15 1 ACCESSING ON LINE SERVICES PROTECTED BY THE ITALIAN EID GIOVANNI MANCA National Center for Information technology in Public Administration (CNIPA)

Similar presentations

Ads by Google